Angular - 已被 CORS 策略阻止 - header - 不允许请求 header 字段身份验证
Angular - has been blocked by CORS Policy - header - Request header field authentication is not allowed
是的,我看了很多关于 CORS 和 header 的类似问题。
我尝试了很多,但仍然在 Google Chrome.
中出现此错误
Access to XMLHttpRequest at 'https://service.domain.com/clientlist' from origin 'http://localhost:4200' has been blocked by CORS policy:
Request header field authentication is not allowed by Access-Control-Allow-Headers in preflight response.
我的代码:
request = request.clone({
setHeaders: {
'Content-Type': 'application/json',
authentication: `Basic ${myCredentials}`,
'Access-Control-Allow-Headers': 'X-Requested-With, Content-Type, authentication, Accept, Access-Control-Request-Method, Access-Control-Request-Headers',
}
});
我什至尝试将其与以下选项结合使用:
'access-control-allow-credentials': true,
'access-control-allow-origin': 'http://localhost:4200',
${myCredentials} => 填写正确,因为当我 运行 :
chrome.exe --user-data-dir="C://Chrome dev session" --disable-web-security
它 运行很好,而且对网络服务的调用也完美无缺!
因为我使用 :
export class BasicAuthInterceptor implements HttpInterceptor {
...
}
提前致谢!
我的解决方案是使用标准字段“授权”并删除行“Access-Control-Allow-Headers”。
服务端有一些限制,我们IT改不了。
非常感谢 MikeOne 和 sideshowbarker !!!!
最终代码:
request = request.clone({
setHeaders: {
'Content-Type': 'application/json',
Authorization: `Basic ${myCredentials}`,
}
});
祝你有愉快的一天!
是的,我看了很多关于 CORS 和 header 的类似问题。 我尝试了很多,但仍然在 Google Chrome.
中出现此错误Access to XMLHttpRequest at 'https://service.domain.com/clientlist' from origin 'http://localhost:4200' has been blocked by CORS policy:
Request header field authentication is not allowed by Access-Control-Allow-Headers in preflight response.
我的代码:
request = request.clone({
setHeaders: {
'Content-Type': 'application/json',
authentication: `Basic ${myCredentials}`,
'Access-Control-Allow-Headers': 'X-Requested-With, Content-Type, authentication, Accept, Access-Control-Request-Method, Access-Control-Request-Headers',
}
});
我什至尝试将其与以下选项结合使用:
'access-control-allow-credentials': true,
'access-control-allow-origin': 'http://localhost:4200',
${myCredentials} => 填写正确,因为当我 运行 :
chrome.exe --user-data-dir="C://Chrome dev session" --disable-web-security
它 运行很好,而且对网络服务的调用也完美无缺! 因为我使用 :
export class BasicAuthInterceptor implements HttpInterceptor {
...
}
提前致谢!
我的解决方案是使用标准字段“授权”并删除行“Access-Control-Allow-Headers”。 服务端有一些限制,我们IT改不了。
非常感谢 MikeOne 和 sideshowbarker !!!!
最终代码:
request = request.clone({
setHeaders: {
'Content-Type': 'application/json',
Authorization: `Basic ${myCredentials}`,
}
});
祝你有愉快的一天!